We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-3659

Improper authentication handling for Digi PortServer TS; Digi One SP, SP IA, IA; Digi One IAP



Description

Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774_Z, build date 10/19/2020 * Digi One IAP – prior to and including 82000770 Z, build date 10/19/2020 A specially crafted POST request to the device’s web interface may allow an unauthenticated attacker to modify configuration settings.

Reserved 2025-04-15 | Published 2025-05-12 | Updated 2025-05-12 | Assigner Digi


CRITICAL: 9.4CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L

Problem types

CWE-287 Improper Authentication

Product status

Default status
affected

Any version
affected

Default status
affected

Any version
affected

Default status
affected

Any version
affected

References

hub.digi.com/...nfrastructure-management/digi-portserver-ts/ patch

hub.digi.com/...ts/infrastructure-management/digi-one-sp-ia/ patch

hub.digi.com/.../infrastructure-management/digi-one-iap-haz/ patch

www.digi.com/...ortServ/improper-authentication-handling.pdf vendor-advisory

cve.org (CVE-2025-3659)

nvd.nist.gov (CVE-2025-3659)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-3659

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.